Method and System for Log Aggregation

ABSTRACT

Systems and methods for aggregating one or more log records are provided. An example method includes receiving an indication that a request has been completed. The method also includes aggregating, at the log aggregator, log records that were created based on processing the request. The log records include a unique identifier associated with the request. The method further includes sending the aggregated log records to the log client.

CROSS-REFERENCE TO RELATED APPLICATION(S)

The present application is related to the following co-pendingapplications each filed on even date herewith: (1) U.S. application Ser.No. ______) entitled “Method and System for Providing a Framework as aService” and naming Akara SUCHARITAKUL as the sole inventor and (2) U.S.application Ser. No. ______, entitled “Method and System for Providing aPipeline Infrastructure” and naming Akara SUCHARITAKUL as the soleinventor. Each of the aforementioned co-pending applications isincorporated by reference herein.

BACKGROUND

1. Field of the Disclosure

The present disclosure generally relates to computing systems and moreparticularly to providing log aggregation.

2. Related Art

Companies invest heavily in protecting their electronic assets. A systembreach may result in lost profits and a decline in consumer confidencein a company. A large portion of business is done through networkedcomputers. Nowadays, applications may be written to run on differentplatforms, stacks, and programming environments. It is oftentimes adaunting task to defend these applications against intrusion.Additionally, even if a solution were found, it may be difficult torollout crucial fixes to the applications in a short amount of time.Each fix may be a huge engineering effort associated with high costs anda lot of manpower.

BRIEF DESCRIPTION OF THE FIGURES

FIG. 1 is a flowchart illustrating an embodiment of a method forproviding a framework as a service;

FIG. 2 is a schematic view illustrating an embodiment of a system thatimplements a framework as a service;

FIG. 3 is a schematic view illustrating an embodiment of an incomingpipeline and cubes 214 in more detail;

FIG. 4 is a schematic view illustrating an embodiment of an outgoingpipeline and a client proxy in more detail;

FIG. 5 is a schematic view illustrating an embodiment of a system thatimplements a pipeline as a service;

FIG. 6 is a schematic view illustrating an embodiment of pipeline as aservice coupled to a load balancer;

FIG. 7 is a schematic view illustrating an embodiment of a systemincluding a log aggregator;

FIG. 8 is a flowchart illustrating an embodiment of a method forproviding a pipeline as a service;

FIG. 9 is a flowchart illustrating an embodiment of a method for storingaggregated log records associated with a request; and

FIG. 10 is a schematic view illustrating an embodiment of a computersystem.

Embodiments of the present disclosure and their advantages are bestunderstood by referring to the detailed description that follows. Itshould be appreciated that like reference numerals are used to identifylike elements illustrated in one or more of the figures, whereinshowings therein are for purposes of illustrating embodiments of thepresent disclosure and not for purposes of limiting the same.

DETAILED DESCRIPTION I. Example Method II. Example System Architecture

A. Pipeline Handlers

B. API Shim

C. Framework as a Service

III. Process Flow of an Application Receiving a Decorated Request andRetrieving Information Responsive to the Request

A. Logging Pipeline Handler

B. Personalization Pipeline Handler

-   -   1. Incoming Personalization Pipeline Handler Decorates the        Request    -   2. Application Processes the Personal Information Included in        the Decorated Request

C. Tracking Pipeline Handler

-   -   1. Incoming Tracking Pipeline Handler Decorates the Request    -   2. Application Processes the Tracking Information Included in        the Decorated Request

D. Experimentation Pipeline Handler

E. Client Proxy

IV. Process Flow of a Response Traversing the Pipeline Handlers in theOutgoing Pipeline V. Pipeline as a Service

A. Pipeline as a Service May be Coupled to Multiple Frameworks

B. Pipeline as a Service May be Coupled to Other InfrastructureComponents

VI. Log Aggregation VII. Example Methods VIII. Example Computing SystemsI. Example Method

An application framework may generally refer to a software architecturethat allows applications to plug their business logic in. Components ofan application framework usually run in the same process and aretypically tightly integrated within the application. It may be desirableto provide a framework as a service.

The present disclosure provides a system and method for providing aframework as a service. FIG. 1 is a flowchart illustrating an embodimentof a method 100 for providing a framework as a service. Method 100 isnot meant to be limiting and may be used in other applications otherthan the applications discussed below. Method 100 includes blocks102-106. In a block 102, an action on a first request is performed at anincoming pipeline handler in a first process. A framework may beprovided as a service to different applications. The framework mayinclude pipeline handlers and cubes. For example, a computer system mayinclude pipeline handlers and cubes, and also run one or moreapplications. An application may run on the computer system in a firstprocess, and the pipeline handlers and cubes may run in a second processthat is separate from the first process. Accordingly, anotherapplication running in a third process in the computer system may pluginto the framework and use the services of the pipeline handlers andcubes. The pipeline handler may decorate a request to an applicationwith information that is used by the application. The pipeline handlermay decorate a request by adding information to the request and passingit along to the next component, which may be another pipeline handler inthe pipeline or the application.

In a block 104, the first request is sent to the application running ina second process. In a block 106, a second request from an applicationis received at a cube in the first process, the second request beingbased on the first request. The incoming pipeline handler andapplication may reside in the same computer system. The cube may respondto requests from the application, as will be further discussed below.

It should be understood that additional processes may be performedbefore, during, or after blocks 102-106 discussed above. It is alsounderstood that one or more of the blocks of method 100 described hereinmay be omitted, combined, or performed in a different sequence asdesired

II. Example System Architecture

FIG. 2 is a schematic view 200 illustrating an embodiment of a systemthat implements a framework as a service. In FIG. 2, computer system 202includes an application 204, incoming pipeline 210, outgoing pipeline212, and cubes 214. Incoming pipeline 210 may include incoming pipelinehandlers that intercept and act on requests to application 204. In anexample, a client 206 may send a request 220 through a network toapplication 204 for processing.

A. Pipeline Handlers

One or more incoming pipeline handlers may perform actions on request220 before it reaches the application. In an example, incoming pipelinehandlers may decorate request 220, thus generating a decorated request222 that is passed along to application 204 for processing. A requestmay be decorated by adding information to the request. An incomingpipeline handler may also keep track of how the request has beendecorated. Outgoing pipeline 212 may include outgoing pipeline handlersthat intercept and act on responses from application 204. Application204 may process decorated request 222 and provide a response 224responsive to the request. One or more outgoing pipeline handlers mayperform actions on response 224 before it is sent to client 206.

An incoming and/or outgoing pipeline may be associated with and providedas part of a cube, which may provide multiple services and functions. Aninfrastructure may refer to a hardware or software component that is notpart of the application logic or application code, but may provideservices (e.g., load balancer or firewall). The pipeline infrastructureis the machinery that executes the pipeline handlers, and the pipelinesmay reference the cubes. Application 204 may call into a cube byinvoking an application programming interface (API) call to request thecube's services. Cubes 214 respond to requests from application 204 andmay be a service delivery architecture. A cube may obtain informationfrom pipeline handlers (in incoming pipeline 210 and/or outgoingpipeline 212) and/or via a service call to a computer system outside ofcomputer system 202. The cube may make the outside service call ifcomputer system 202 does not store all the information for responding toa request from application 204.

B. API Shim

Application 204 is associated with an API shim 208 that may beimplemented for every language in which application 204 is written. Inan example, if application 204 is written in Python, API shim 208 is aPython API shim. Using API shim 208, it may be unnecessary to updateapplication 204 and the infrastructure for it because the infrastructurehas been generalized with the use of pipeline handlers and cubes.

API shim 208 may be a small library that sits with application 204inside the same address space. API shim 208 may communicate with cubes214 by making calls through hypertext transfer protocol (HTTP) or bysending messages through a messaging queue to cubes 214. In particular,API shim 208 may communicate with a service inside a cube similarly to aregular service call except that API shim 208 and the cube both residein computer system 202.

Application 204 may want to talk to other services and databases outsideof computer system 202. As will be explained further below, application204 may communicate with a client proxy 230 to communicate with otherinformation sources.

C. Framework as a Service

Application 204 and each of the pipeline handlers and cubes areexecutable on computer system 202 and may reside in the same computersystem. Each of the pipeline handlers and cubes may be software modulesexecutable on one or more hardware processors included in computersystem 202. In some examples, incoming pipeline 210, outgoing pipeline212, and cubes 214 are referred to as a framework that may be providedas a service to one or more applications. In particular, incomingpipeline 210, outgoing pipeline 212, and cubes may be implemented as aframework as a service. The framework as a service may be coupled to oneor more applications.

The framework as a service may be in a different process than theapplications that communicate with the framework as a service. Inparticular, application 204 may run in a different process than theincoming and outgoing pipeline handlers and cubes. In other words, thecomponents in the framework may be separate from application 204. In anexample, application 204 may run in a first process that is separatefrom a second process in which incoming pipeline 210, outgoing pipeline212, and cubes 214 run. Additionally, the application may run in thesame or different virtual machine as incoming pipeline 210, outgoingpipeline 212, and cubes 214.

When a cube is installed in the framework as a service, the applicationmay look inside the cube and identify services provided by the cube. Inan example, request 220 includes a unique identifier (e.g., globallyunique identifier (GUID)), and application 204 invokes one or more APIsexposed by cube 214 for information based on the identifier. If cubes214 are implemented for a framework as a service, the cubes may beconfigured to listen for an incoming request and an outgoing response inorder to function properly.

In some examples, an incoming pipeline handler and its associatedoutgoing pipeline handler and cube may be added to the infrastructure.As such, pipeline handlers and cubes may be “plugged” into theinfrastructure and provided as a service to one or more applications.For example, incoming pipeline handlers and outgoing pipeline handlersmay be added to incoming pipeline 210 and outgoing pipeline 212,respectively. Similarly, one or more cubes may be added to cubes 214 andcommunicate with application 204 via API shim 208. An advantage of“plugging” pipeline handlers and cubes into the infrastructure mayprovide flexibility because new pipeline handlers and cubes may beindependently incorporated into the infrastructure. This may beparticularly advantageous if pipeline handlers and their associatedcubes (if applicable) are supplied by different teams of developers.

If the environment in which computer system 202 is in or interacts withhas been compromised, a security development team may provide securitypipeline handlers and a security cube and add them to theinfrastructure. For example, if request 220 is received, incomingpipeline 210 may include an incoming security handler that decorates therequest with security information. In an example, the securityinformation asks whether this particular request is permitted to accessapplication 204. If the request is permitted, the incoming securityhandler may pass the request along in the pipeline or to application204. If the request is not permitted, the incoming security handler maydrop the request and send an error message to the sender of the request.In another example, the security cube may have one or more APIs, and thesecurity pipeline handler may make an API call into the security cube toensure that particular actions are allowed. Accordingly, rather thanimplement one fix for all the application stacks, the security pipelinehander and cube may be used to secure the environment in which multipleapplications operate because the framework as a service sits in adifferent process than the applications. Additionally, the fix providedby the security pipeline hander and cube may be applied in a shorteramount of time compared to providing a fix for all the applicationstacks. Moreover, if another security issue arises, the security cubemay be updated with a new version of the security pipeline handler.

III. Process Flow of an Application Receiving a Decorated Request andRetrieving Information Responsive to the Request

FIG. 3 is a schematic view 300 illustrating an embodiment of incomingpipeline 210 and cubes 214 in more detail. FIG. 4 is a schematic view400 illustrating an embodiment of outgoing pipeline 112 and client proxy230 in more detail. FIGS. 3 and 4 are discussed together to betterunderstand some aspects of the disclosure. In FIG. 3, incoming pipeline210 includes an incoming logging handler 210 a, an incomingpersonalization handler 210 b, an incoming tracking handler 210 c, andan incoming experimentation handler 210 d. These incoming pipelinehandlers are part of incoming pipeline 210. Additionally, cubes 114include a personalization cube 214 b, a tracking cube 214 c, and anexperimentation cube 214 d. In FIG. 4, outgoing pipeline 112 includes anoutgoing logging handler 212 a, an outgoing personalization handler 212b, an outgoing tracking handler 212 c, and an outgoing experimentationhandler 212 d. These outgoing pipeline handlers are part of outgoingpipeline 212. Additionally, client proxy 230 includes a service clientlayer 430, a service routing layer 432, and a service resilience layer434.

Incoming logging handler 210 a is associated with outgoing logginghandler 212 a. Incoming personalization handler 210 b is associated withpersonalization cube 214 b and outgoing personalization handler 212 b.Incoming tracking handler 210 c is associated with tracking cube 214 cand outgoing tracking handler 212 c. Incoming experimentation handler210 d is associated with experimentation cube 214 d and outgoingexperimentation handler 212 d.

It should be understood that the order of pipeline handlers in apipeline may be modified if the pipeline handlers have no dependencies.If two pipeline handlers have no dependencies, the order in which arequest or response is processed with respect to the two pipelinehandlers may be modified. In an example, based on dependencies, incomingtracking handler 210 c should be before the incoming experimentationhandler 210 d in incoming pipeline 210. Accordingly, it is undesirableto modify their order. In another example, a security pipeline handlerdoes not have dependencies. Accordingly, the security pipeline handlermay be placed anywhere in the pipeline.

A pipeline handler may be supplied as part of its associated cube. Cubesmay respond to requests from application 214. Services within a cube maybe unable to determine the boundaries of a request to or response fromapplication 204. The pipeline handlers inside incoming pipeline 210 oroutgoing pipeline 212 may understand those boundaries and ensure thatthe request and/or response is processed accordingly.

A. Logging Pipeline Handler

In FIG. 3, incoming logging handler 210 a may be added to theinfrastructure to intercept requests to application 204 before they arereceived by the application and may log each of those requests. Logginghandler 210 a may decorate the request with logging information. Logginginformation may include, for example, the date and time the request wasreceived and an identifier that identifies the recipient of the request.In an example, request 220 may be given a unique identifier (e.g.,globally unique identifier (GUID)) that is included in the request. Insuch an example, incoming logging handler 210 a may identify the uniqueidentifier in the request and log the unique identifier along with otherinformation. Incoming logging handler 210 a may be separate from and runin a different process than application 204. As such, it may beunnecessary for incoming logging handler 210 a to be integrated intoapplication 204.

Request 220 may traverse each of the pipeline handlers included inincoming pipeline 210 before being sent to application 204. If anotherpipeline handler is included in incoming pipeline 210 after incominglogging handler 210 a, request 220 may be passed along to this nextpipeline handler; otherwise, incoming logging handler 210 a may passrequest 220 to application 204.

B. Personalization Pipeline Handler 1. Incoming Personalization PipelineHandler Decorates the Request

In FIG. 3, incoming logging handler 210 a may pass request 220 toincoming personalization handler 210 b, which may decorate request 220by adding personal information to the request. Incoming personalizationhandler 210 b may be separate from and run in a different process thanapplication 204. As such, it may be unnecessary for incomingpersonalization handler 210 b to be integrated into application 204.

In an example, client 206 (see FIG. 2) is a Web browser, and incomingpersonalization handler 210 b identifies a user associated with client206 likely to have sent request 220. The user may have used the same Webbrowser to access application 204 multiple times. For example, incomingpersonalization handler 210 b may associate the user with a cookie,which is a small file containing a string of characters sent to the Webbrowser. Incoming personalization handler 210 b may determine thatrequest 220 was sent from that particular user and also determine theuser's personal information based on the received cookie. In an example,the user is “Jane Doe,” and her area of interest is fashion.

Incoming personalization handler 210 b may decorate request 220 with thepersonal information (e.g., name of the user is Jane Doe and fashion asher area of interest) to generate at least a portion of decoratedrequest 222. If another pipeline handler is included in incomingpipeline 210 after incoming personalization handler 210 b, request 220may be passed along to this next pipeline handler; otherwise, incomingpersonalization handler 210 b may pass decorated request 220 toapplication 204.

2. Application Processes the Personal Information Included in theDecorated Request

Application 204 may receive decorated request 222 from incoming pipeline210 and identify the personal information in the request. In an example,application 204 is a homepage application that identifies elements basedon the personal information in decorated request 220 and renders theelements into the homepage. The homepage including the elements will bedisplayed to the user. For example, in response to discovering that JaneDoe's area of interest is fashion, application 204 may include thelatest fashion trends in the homepage (e.g., most popular shoes andpurses of Y2014).

An incoming pipeline handler may decide how much to decorate a request.If the incoming pipeline handler provides too much information in therequest, then too much information may be passed to application 204 anddecorated request 22 may be too big. Information not included in therequest but wanted from application 204 may be requested from the cubeassociated with the pipeline handler. If application 204 does not haveenough information (e.g., Jane Doe's area of interest, age, etc.) basedon the personal information in decorated request 222 to render thehomepage, application 204 may send a request 302 to personalization cube214 b for more information about Jane Doe. Request 302 may be a requestfor Jane Doe's area of interest, age range, gender, and location.

In some examples, application 204 uses API shim 208 to call intopersonalization cube 214 b to request information about Jane Doe. In anexample, request 220 is associated with a username and password, andapplication 204 provides this information in request 302 topersonalization cube 214 b so that it can obtain personal informationfor the correct person. API shim 208 may send request 302 via an HTTPcall or a messaging queue to personalization cube 214 b to requestinformation from personalization cube 214 b about Jane Doe. In anexample, personalization cube 214 b may communicate with one or morepersonalization services 304 to request information about the user.Personalization service 304 may be any information source (e.g., withinthe enterprise or outside of the enterprise) and may return a responseincluding at least some of the requested information.

Responsive to request 302, personalization cube 214 b may send response306 including the requested information to application 204. Application204 receives response 306, which may include personal information aboutJane Doe. In an example, response 306 specifies that Jane Doe's area ofinterest is fashion, she is female and between the ages of 24-30, andresides in Austin, Tex. After application 204 is finished processingdecorated request 222 received from incoming pipeline 210, application204 may create a response 224 responsive to request 220.

C. Tracking Pipeline Handler 1. Incoming Tracking Pipeline HandlerDecorates the Request

In FIG. 3, incoming personalization handler 210 b may pass request 220to incoming tracking handler 210 c, which may decorate request 220 byadding tracking information to the request. Incoming tracking handler210 c may be separate from and run in a different process thanapplication 204. As such, it may be unnecessary for incoming trackinghandler 210 c to be integrated into application 204.

Incoming tracking handler 210 c may decorate request 220 with thetracking information (e.g., a list of Jane Doe's behaviors “X,” “Y,” and“Z” to track) to generate at least a portion of decorated request 222.For example, the tracking information may include behaviors such as theuser's purchases, etc. If another pipeline handler is included inincoming pipeline 210 after incoming tracking handler 210 c, request 220may be passed along to this next pipeline handler; otherwise, incomingtracking handler 210 c may pass decorated request 220 to application204.

2. Application Processes the Tracking Information Included in theDecorated Request

Application 204 may receive decorated request 222 from incoming pipeline210 and identify the tracking information in the request. In an example,the tracking information is a request to application 204 to track theuser's purchasing behavior. Application 204 may make a service call intotracking cube 214 c (e.g., invoke an API) specifying that application204 is tracking the user's purchasing behavior. Application 204 maycontinue to execute logic, and responsive to observing the user purchasea good or service or browsing particular goods or services, application204 may make another service call into tracking cube 214 c to inform itof the user's purchases or browsing behavior. In this way, tracking cube214 c may then log the user's purchasing behavior and browsing behavior.After application 204 is finished processing decorated request 222received from incoming pipeline 210, application 204 may create aresponse 224 responsive to request 220.

D. Experimentation Pipeline Handler

In FIG. 3, incoming tracking handler 210 c may pass request 220 toincoming experimentation handler 210 d, which may decorate request 220by adding experimentation information to the request. Incomingexperimentation handler 210 d may be separate from application 204. Assuch, it may be unnecessary for incoming experimentation handler 210 dto be integrated into application 204.

Incoming experimentation handler 210 d may decorate request 220 with theexperimentation information (e.g., what information to provide to theuser based on her choices) to generate at least a portion of decoratedrequest 222. Experimentation information may include displayingdifferent advertisements or colors on the webpage to the user andrecording the user's behavior. If another pipeline handler is includedin incoming pipeline 210 after incoming experimentation handler 210 d,request 220 may be passed along to this next pipeline handler;otherwise, experimentation handler 210 d may pass decorated request 220to application 204. Application 204 may receive decorated request 222from incoming pipeline 210 and identify the experimentation informationin the request.

It should be understood that decorated request 222 may include at leastone of logging information, personalization information, trackinginformation, and experimentation information.

E. Client Proxy

In keeping with the above example in which fashion is Jane Doe's area ofinterest, application 204 may send a search request for appropriatepromotion items (e.g., shoes and purses) that fit the user's profile.Application 204 may want to talk to other services and databases outsideof computer system 202. To do so, application 204 may send requests toclient proxy 230, which may be thought of as a cube that providesservices.

In FIG. 4, client proxy 230 includes a client service layer 430, aclient routing layer 432, and a client resilience layer 434. In anexample, service client layer 430 communicates with service routinglayer 432 to identify a uniform resource locator (URL) to whichpromotion items map. Service client layer 430 may make a service call toa service remote from computer system 202. In an example, the service isa search service, and service client layer 430 does not know where theitem is located. The search service may be given a common name that is aURL or uniform resource identifier (URI), which may not have a location.

In some examples, the URL depends in which data center computer system202 is located because it may be desirable to not cross data centers(although this may happen). Service routing layer 432 may also determinethe URL based on the environment in which computer system 202 is in andwhether it is requesting information from an internal or externalservice. For example, if computer system 202 is located in a qualityassurance environment in Phoenix, service routing layer 432 may send therequest for one or more promotion items to“itemservice.QA.phoenix.acme.com.” In contrast, if computer system 202is located in a production environment in Salt Lake City, servicerouting layer 432 may send the request for one or more promotion itemsto “itemservice.prod.SLC.acme.com.” Client routing layer 432 may thenroute request 436 to the URL or URI to retrieve the promotion item(s).Service resilience layer 434 may watch for a response responsive torequest 436.

Client proxy 230 may obtain promotion items, include the promotion itemsin response 438, and send response 438 to computer system 202. In thisexample, client proxy 230 receives a list of fashion items thatapplication 204 will render into the homepage for the user to view. InFIG. 4, application 204 sends response 224, which includes the promotionitems, through outgoing pipeline 212 for processing. In an example,application 204 may send response 224 to client 206, and outgoingpipeline 212 may intercept the response without application 204 knowing.

If the “itemservice” does not respond, it may be overcapacitated. Ifclient proxy 230 does not receive a response from the search servicewithin a threshold amount of time, service resilience layer 434 sendsresponse 438 to application 204, where response 438 includes anindication that the search service is not responding. The thresholdamount of time may be based on a service level agreement or apre-defined timeframe. In this way, service resilience layer 434 mayprevent application 204 from hanging indefinitely. A waiting applicationis a blocking application that hogs useful resources and prevents themfrom being available to other applications or components executing incomputer system 202.

IV. Process Flow of a Response Traversing the Pipeline Handlers in theOutgoing Pipeline

Application 204 may include in response 224 the unique identifier thatwas included in request 220. Application 204 sends response 224 tooutgoing pipeline 212. Response 224 may traverse each of the pipelinesin outgoing pipeline 212 in a linear fashion, starting from outgoingexperimentation handler 212 d to outgoing logging handler 212 a. Each ofoutgoing experimentation handler 212 d, outgoing tracking handler 212 c,outgoing personalization handler 212 b, and outgoing logging handler 212a may be separate from application 204. As such, it may be unnecessaryfor outgoing experimentation handler 212 d, outgoing tracking handler212 c, outgoing personalization handler 212 b, and/or outgoing logginghandler 212 a to be integrated into application 204. An outgoingpipeline handler may extract information from response 224 and send theinformation to an associated cube or to an information repository.

Outgoing experimentation handler 212 d receives response 224 and closesout request 220 for the request identifier included in the response. Byoutgoing experimentation handler 212 d closing out request 220, thisindicates to experimentation cube 214 d that the request has beenresponded to by the application. Additionally, responsive to the closeindication by outgoing experimentation handler 212 d, experimentationcube 214 d may push out the experimentation information to otherinformation systems (e.g., an associated cube or to an informationrepository).

If another pipeline handler is included in outgoing pipeline 212 afteroutgoing experimentation handler 212 d, response 224 may be passed alongto this next pipeline handler; otherwise, outgoing experimentationhandler 212 d may pass the response to client 206. In FIG. 4, outgoingexperimentation handler 212 d may pass response 224 to outgoing trackinghandler 212 c. Outgoing tracking handler 212 c receives response 224 andcloses out request 220 for the request identifier included in theresponse. By outgoing tracking handler 212 c closing out request 220,this indicates to tracking cube 214 c that the request has beenresponded to by the application. Additionally, responsive to the closeindication by outgoing tracking handler 212 b, tracking cube 214 c maypush out the tracking information to other information systems (e.g., anassociated cube or to an information repository). In an example, thetracking information specifies that for this particular unique requestidentifier, application 204 logged behaviors “X,” “Y,” and “Z.”

If another pipeline handler is included in outgoing pipeline 212 afteroutgoing tracking handler 212 c, response 224 may be passed along tothis next pipeline handler; otherwise, outgoing tracking handler 212 cmay pass the response to client 206. In FIG. 4, outgoing trackinghandler 212 c may pass response 224 to outgoing personalization handler212 b. Outgoing personalization handler 212 b receives response 224 andcloses out request 220 for the request identifier included in theresponse. By outgoing personalization handler 212 b closing out request220, this indicates to personalization cube 214 c that the request hasbeen responded to by the application. Additionally, responsive to theclose indication by outgoing personalization handler 212 b,personalization cube 214 b may push out the personalization informationto other information systems (e.g., an associated cube or to aninformation repository).

If another pipeline handler is included in outgoing pipeline 212 afteroutgoing personalization handler 212 b, response 224 may be passed alongto this next pipeline handler; otherwise, outgoing personalizationhandler 212 b may pass the response to client 206. In FIG. 4, outgoingpersonalization handler 212 b may pass response 224 to outgoing logginghandler 212 a. Outgoing logging handler 212 a receives response 224 andcloses out request 220 for the request identifier included in theresponse by logging the close time and the associated identifier.Outgoing logging handler 212 a may push out the logging information toother information systems (e.g., an associated cube or to an informationrepository). Outgoing pipeline 212 may send response 224 to client 206,and client 206 may receive the response.

V. Pipeline as a Service

In some embodiments, a pipeline may be part of the applicationframework. For example, in FIG. 2, the pipelines (e.g., incoming andoutgoing pipelines) may be integrated into the application framework. Inan example, if an application is written in JAVA®, the pipelinestypically fit in the same process written in JAVA® and may only work forthose frameworks. Trademarks are the property of their respectiveowners. Traditionally, a new pipeline is reconstructed for each newapplication framework. It may be costly and inefficient to reconstruct anew pipeline for each new application framework.

The pipeline may be taken out of the process in which the application orcubes run. In this example, the pipeline handlers that are part ofincoming pipeline 210 and/or outgoing pipeline 212 may run in a processseparate from the application and cubes, thus providing a pipeline as aservice. Providing a pipeline as a service may provide a “neutral”pipeline that can be easily integrated with other architectures that arenot native to current implementations. As such, it may be unnecessary tohave one infrastructure per language specification, resulting in savedcosts. Rather, the pipeline may be used for all the languages in whichan application is written, and is independent of the framework.

Additionally, it may be unnecessary for a developer developing thebusiness logic for application 204 to set up a context (e.g.,programming language, etc.) before the application is accessed. Thedeveloper may be better able to focus on application logic, and not theinfrastructure below it. Further, if pipeline handlers that are part ofa pipeline are developed by different teams, they may be easilyintegrated into the pipeline. Additionally, the pipeline may be lighterweight than conventional pipelines, which are native to a framework.

A. Pipeline as a Service May be Coupled to Multiple Frameworks

In some examples, the pipeline (e.g., incoming pipeline 210 and/oroutgoing pipeline 212) is a separate component that exists outside ofthe application framework, and may be connected to different frameworks.The pipeline may provide the same functionality and services todifferent applications or the same application written in differentlanguages. As such, other applications may receive requests from or sendresponses to the pipeline.

FIG. 5 is a schematic view 500 illustrating an embodiment of a systemthat implements a pipeline as a service. In FIG. 5, computer system 502includes an application 504, a pipeline as a service 502, and cubes 514.Pipeline as a service 502 includes incoming pipeline 210 and outgoingpipeline 212, which may be the same pipelines used in computer system202 and that interact with application 204 and cubes 214 in FIG. 2.Pipeline as a service 502 may reside in the same computer system as theone in which the application and cubes reside or may be reside in adifferent computer system. Additionally, although FIG. 2 illustrates aframework as a service, pipeline as a service 502 may be coupled to aframework that may or may not be a framework as a service orincorporated into a framework as a service.

Pipeline as a service 502 may be plugged into different applicationframeworks (e.g., see FIGS. 2 and 5) and may be coupled to anyframework. For example, pipeline as a service 502 may be coupled to afirst framework and to a second framework. In FIG. 5, incoming pipeline210 may decorate a request received from a client and generate adecorated request 522. Additionally, outgoing pipeline 212 may receiveresponse 524, which is responsive to request 522. Outgoing pipeline 212may process response 524 and send it to the client.

To integrate pipeline as a service 502 into an application framework,the integration of the framework's request and response management maybe removed from the pipeline. Additionally, the communication interfacein and out of the pipeline may be defined. When a pipeline is integratedinto a framework, the pipeline and application may run in the sameprocess, so it may be unnecessary to provide this communicationinterface. With pipeline as a service 502, however, the pipeline runs ina different process than the application and possibly the cubes.Incoming pipeline 210 and outgoing pipeline 212 in pipeline as a service502 may communicate with services and components outside of computersystem 502. It may be desirable for these communication interfaces to belightweight because if they are too heavy, pipeline as a service 502 maybe unable to handle a large amount of requests.

B. Pipeline as a Service May be Coupled to Other InfrastructureComponents

A cube may be one service delivery mechanism, but it should beunderstood that other service delivery mechanisms are possible.Additionally, not only may pipeline as a service 502 be coupled to anapplication framework, pipeline as a service may also be coupled toinfrastructure components that process requests or responses (e.g., loadbalancer).

FIG. 6 is a schematic view 600 illustrating an embodiment of pipeline asa service 502 coupled to a load balancer 602. In some examples, pipelineas a service 502 may be included in load balancer 602, which maypipeline a large amount of requests regardless of which framework theyare for. The pipelines in pipeline as a service 502 may communicate withan application or cubes independent of the incoming and/or outgoingprotocols.

In some examples, a pipeline handler may receive an input and emit zero,one, or more outputs. A developer of a pipeline handler may choose oneor more models of a plurality of models for the pipeline handler toimplement. The developer may choose an interface that makes the mostsense for the pipeline handler, and provide a service provider interface(SPI) at the pipeline handler for invocation by other components toimplement the model. In an example, a first model provides zero outputbased on a single input, a second model provides one output based on asingle input, a third model provides a plurality of outputs based on asingle input, and a fourth model provides a future output based on asingle input. A pipeline handler or application may have one or moreSPIs that forward zero, one, multiple, and/or future outputs. In anexample, an application or load balancer invokes an SPI at a pipelinehandler.

A pipeline handler may forward zero outputs based on a single request ifthe content in the request does not have enough information for thepipeline handler to make an informed decision or to process the request.In this case, the pipeline handler may wait for another request beforepassing it to the next pipeline handler in the pipeline. In an example,an authentication pipeline handler may provide zero outputs based on asingle input. The authentication pipeline handler may receive a requestincluding partial authentication information. In an example, the requestdoes not provide the authentication pipeline handler with enoughinformation to process the authentication request. In this example, theauthentication pipeline handler may wait for another request includingmore authentication information to process and then pass the requestalong to the next pipeline handler. Accordingly, the authenticationpipeline handler may have a first SPI that forwards zero responses basedon a single input and may also have a second SPI that forwards oneresponse based on a single input.

A pipeline handler may forward one output based on a single request ifthe content in the request provides the pipeline handler with enoughinformation to make an informed decision and to process the request. Inan example, a personalization pipeline handler may provide one outputbased on a single input. Accordingly, the personalization pipelinehandler may have an SPI that forwards one response based on the singleinput.

A pipeline handler may forward a plurality of outputs based on a singlerequest. A request may be broken down into a plurality of requestchunks. A response may be broken down into a plurality of responsechunks. In an example, application 504 may be thought of as a pipelinehandler that can receive a response and provide one or more outputsbased on the response. Accordingly, application 504 may have a first SPIthat forwards one response based on a single input, and may also have asecond SPI that forwards a plurality of response chunks based on asingle input. Application 504 may receive a request and break it downinto request chunks, process each of the request chunks, and output aresponse chunk for each request chunk.

VI. Log Aggregation

FIG. 7 is a schematic view 700 illustrating an embodiment of a systemincluding a log aggregator. In FIG. 7, computer system 702 includes anapplication 704, one or more log records 708, a log aggregator 710, anda log client 712. Application 704 may perform some processing for one ormore requests associated with unique identifiers, and may create one ormore log records 708. In an example, if an error occurs in response toprocessing a request, which is associated with a unique identifier,application 704 may log the error as part of the request. Accordingly,if the request is erroneous, the events taking place up to the error maybe easily traced. In another example, if a notable event occurs inresponse to processing a request, which is associated with a uniqueidentifier, application 704 may log the notable event as part of therequest. Accordingly, the events taking place up to the notable eventmay be easily traced.

Application 704 may log one or more events associated with the request,and create one or more log records 708 based on the logging. Application704 may open a transaction based on logging a request associated with anew unique identifier. Log aggregator 710 may receive an indication thata request has been completed. In response to the indication, logaggregator 710 may aggregate all log records 708 created based onprocessing the particular request and send them to log client 712 tostore in a centralized access log 714. Log records 708 may include aunique identifier associated with the request. Centralized access log714 is a logging system that may receive one or more requests 720 fromlog client 712 to store aggregated log records associated with arequest. Centralized access log 714 has the notion of a request, andeach request may be associated with a unique identifier. Centralizedaccess log 714 may be a system that is integrated into a framework as aservice or pipeline as a service.

Application 704, log aggregator 710, and log client 712 may keep trackof the log records associated with a request, and log client 712 mayinsert them into centralized access log 714 to complete the transaction.In an example, in response to receiving the aggregated log records, logclient 712 closes the transaction associated with the request (or theunique identifier that identifies the request).

As discussed, log aggregator 710 may receive an indication that arequest has been completed and thus log aggregator 710 may aggregate thelog records associated with the request and send them to log client 712.Timing issues, however, may present themselves because there is noguarantee that when application 704 logs events, that the log recordsare immediately created. Rather, the events may be buffered and thenlogged. Accordingly, log aggregator 710 may be unaware of when it shouldaggregate the log records associated with the request and send theaggregated log records to log client 712 because log aggregator 710 doesnot know when all events that can be associated with the request havebeen logged.

In some examples, log aggregator 710 sets a timeout period (e.g., 15milliseconds), and collects information and identifies currently activetransactions associated with requests. If log aggregator 710 determinesthat no log records associated with the request have been created withinthe timeout period, then this may be an indication to log aggregator 710that the request has been completed. Accordingly, log aggregator 710 mayaggregate all log records 708 associated with the request and send themto log client 712 to store in centralized access log 714. In an example,a transaction is open when a request associated with a new uniqueidentifier is received. Log client 712 may send a request 720 includingthe aggregated log files 708 associated with the request to centralizedaccess log 714. After centralized access log 714 stores the log recordsassociated with the unique identifier, log client 712 may close thetransaction. A request may be closed based on its associated transactionbeing closed.

The timeout period may be relative to the most recently created logrecord, and may depend on, for example, the framework or stack. Ifapplication 704 logs an event based on processing a request associatedwith a closed transaction, the administrator may manually go back andedit the transaction to include the log record. If a log worthy eventoccurs that should be recorded in centralized access log 714 and logaggregator 710 no longer has an active request associated with the logworthy event open, an administrator may determine that the transactionassociated with the request closed too soon. For example, log aggregator710 may detect a log record that has not been sent to log client 712 andbased on a request associated with a closed transaction. In thisexample, log aggregator 710 may send an alert indicating that the logrecord has not been sent to log client 712 for storage in centralizedaccess log 714, but should have been. The administrator may be alertedand manually edit the transaction to include this log record.

In response to detecting the log record associated with a closedtransaction, an administrator or log aggregator 710 may extend thetimeout period to a longer time (e.g., 25 milliseconds). To preventadjusting the timeout period too much and to provide a stable timeoutperiod, log aggregator 710 may count the number of log records that havebeen associated with a closed transaction. If the number of log recordsthat have been associated with a closed transaction exceeds a threshold,the timeout period may be too short and the administrator or logaggregator 710 may increase the timeout period. Referring back to FIG.2, log aggregator 710 may reside in computer system 202 and may be partof the same process as application 204.

VII. Example Methods

FIG. 8 is a flowchart illustrating an embodiment of a method 800 forproviding a pipeline as a service. Method 800 is not meant to belimiting and may be used in other applications other than theapplications discussed below. Method 800 includes blocks 802 and 804. Ina block 802, a first action is performed on a first request at anincoming pipeline handler, the incoming pipeline handler being part ofan incoming pipeline in a first application framework. In a block 804, asecond action is performed on a second request at the incoming pipelinehandler, the incoming pipeline handler being part of the incomingpipeline in a second application framework.

It should be understood that additional processes may be performedbefore, during, or after blocks 802 and 804 discussed above. It is alsounderstood that one or more of the blocks of method 800 described hereinmay be omitted, combined, or performed in a different sequence asdesired.

FIG. 9 is a flowchart illustrating an embodiment of a method 900 forstoring aggregated log records associated with a request. Method 900 isnot meant to be limiting and may be used in other applications otherthan the applications discussed below. Method 900 includes blocks902-906. In a block 902, an indication that a request has been completedis received. In a block 904, log records that were created based onprocessing the request are aggregated at a log aggregator, the logrecords including a unique identifier associated with the request. In ablock 906, the aggregated log records are sent to the log client.

It should be understood that additional processes may be performedbefore, during, or after blocks 902-906 discussed above. It is alsounderstood that one or more of the blocks of method 900 described hereinmay be omitted, combined, or performed in a different sequence asdesired.

VIII. Example Computing Systems

Referring now to FIG. 10, an embodiment of a computer system 1000suitable for implementing, for example, the framework as a service,pipeline as a service, and/or log aggregation, is illustrated. It shouldbe appreciated that other devices discussed above may be implemented ascomputer system 1000 in a manner as follows.

In accordance with various embodiments of the present disclosure,computer system 1000, such as a computer and/or a network server,includes a bus 1002 or other communication mechanism for communicatinginformation, which interconnects subsystems and components, such as aprocessing component 1004 (e.g., processor, micro-controller, digitalsignal processor (DSP), etc.), a system memory component 1006 (e.g.,RAM), a static storage component 1008 (e.g., ROM), a disk drivecomponent 1010 (e.g., magnetic or optical), a network interfacecomponent 1012 (e.g., modem or Ethernet card), a display component 1014(e.g., CRT or LCD), an input component 1018 (e.g., keyboard, keypad, orvirtual keyboard), and/or a cursor control component 1020 (e.g., mouse,pointer, or trackball). In one implementation, disk drive component 1010may include a database having one or more disk drive components.

In accordance with embodiments of the present disclosure, computersystem 1000 performs specific operations by processor 1004 executing oneor more sequences of instructions contained in memory component 1006,such as described herein with respect to incoming pipeline 210, outgoingpipeline 212, applications, or cubes 214. Such instructions may be readinto system memory component 1006 from another computer readable medium,such as static storage component 1008 or disk drive component 1010. Inother embodiments, hard-wired circuitry may be used in place of or incombination with software instructions to implement the presentdisclosure.

Logic may be encoded in a computer readable medium, which may refer toany medium that participates in providing instructions to processor 1004for execution. Such a medium may take many forms, including but notlimited to, non-volatile media, volatile media, and transmission media.In one embodiment, the computer readable medium is non-transitory. Invarious implementations, non-volatile media includes optical or magneticdisks, such as disk drive component 1010, volatile media includesdynamic memory, such as system memory component 1006, and transmissionmedia includes coaxial cables, copper wire, and fiber optics, includingwires that include bus 1002. In one example, transmission media may takethe form of acoustic or light waves, such as those generated duringradio wave and infrared data communications.

Some common forms of computer readable media includes, for example,floppy disk, flexible disk, hard disk, magnetic tape, any other magneticmedium, CD-ROM, any other optical medium, punch cards, paper tape, anyother physical medium with patterns of holes, RAM, PROM, EPROM,FLASH-EPROM, any other memory chip or cartridge, carrier wave, or anyother medium from which a computer is adapted to read. In oneembodiment, the computer readable media is non-transitory.

In various embodiments of the present disclosure, execution ofinstruction sequences (e.g., methods 100, 800, and/or 900) to practicethe present disclosure may be performed by computer system 1000. Invarious other embodiments of the present disclosure, a plurality ofcomputer systems 1000 coupled by a communication link 1024 to network1010 (e.g., such as a LAN, WLAN, PTSN, and/or various other wired orwireless networks, including telecommunications, mobile, and cellularphone networks) may perform instruction sequences to practice thepresent disclosure in coordination with one another.

Computer system 1000 may transmit and receive messages, data,information and instructions, including one or more programs (e.g.,application code) through communication link 1024 and network interfacecomponent 1012. Network interface component 1012 may include an antenna,either separate or integrated, to enable transmission and reception viacommunication link 1024. Received program code may be executed byprocessor 1004 as received and/or stored in disk drive component 1010 orsome other non-volatile storage component for execution.

Where applicable, various embodiments provided by the present disclosuremay be implemented using hardware, software, or combinations of hardwareand software. Also, where applicable, the various hardware componentsand/or software components set forth herein may be combined intocomposite components comprising software, hardware, and/or both withoutdeparting from the scope of the present disclosure. Where applicable,the various hardware components and/or software components set forthherein may be separated into sub-components comprising software,hardware, or both without departing from the scope of the presentdisclosure. In addition, where applicable, it is contemplated thatsoftware components may be implemented as hardware components andvice-versa.

Software, in accordance with the present disclosure, such as programcode and/or data, may be stored on one or more computer readablemediums. It is also contemplated that software identified herein may beimplemented using one or more general purpose or specific purposecomputers and/or computer systems, networked and/or otherwise. Whereapplicable, the ordering of various steps described herein may bechanged, combined into composite steps, and/or separated into sub-stepsto provide features described herein.

The foregoing disclosure is not intended to limit the present disclosureto the precise forms or particular fields of use disclosed. As such, itis contemplated that various alternate embodiments and/or modificationsto the present disclosure, whether explicitly described or impliedherein, are possible in light of the disclosure. Having thus describedembodiments of the present disclosure, persons of ordinary skill in theart will recognize that changes may be made in form and detail withoutdeparting from the scope of the present disclosure. Thus, the presentdisclosure is limited only by the claims.

What is claimed is:
 1. A system for aggregating one or more log records,comprising: a non-transitory memory storing a log aggregator and a logclient; one or more hardware processors coupled to the memory andoperable to read instructions from the memory to perform the steps of:receiving an indication that a request has been completed; aggregating,at the log aggregator, log records that were created based on processingthe request, the log records including a unique identifier associatedwith the request; and sending the aggregated log records to the logclient.
 2. The system of claim 1, wherein the one or more hardwareprocessors are operable to read instructions from the memory to performthe steps of: sending, at the log client, the aggregated log records toa centralized access log.
 3. The system of claim 1, wherein thereceiving an indication includes determining that no log recordsassociated with the request have been created within a timeout period.4. The system of claim 3, wherein the one or more processors areoperable to read instructions from the memory to perform the steps of:detecting a log record that was created based on processing the request,wherein the log record has not been sent to the log client; determiningthat the log record is associated with a closed transaction; and sendingan alert indicating that the log record has not been sent to the logclient.
 5. The system of claim 4, wherein the one or more hardwareprocessors are operable to read instructions from the memory to performthe steps of: in response to determining that the log record isassociated with a closed transaction and has not been sent to the logclient, extending the timeout period.
 6. The system of claim 2, whereinthe one or more processors are operable to read instructions from thememory to perform the steps of: logging, at an application, one or moreevents associated with the request; and creating one or more log recordsbased on the logging.
 7. The system of claim 6, wherein the one or moreprocessors are operable to read instructions from the memory to performthe steps of: opening, at the application, a transaction based onlogging the one or more events; and in response to receiving theaggregated log records, closing the transaction.
 8. A method foraggregating one or more log records, comprising: receiving an indicationthat a request has been completed; aggregating, at a log aggregator, logrecords that were created based on processing the request, the logrecords including a unique identifier associated with the request; andsending the aggregated log records to the log client.
 9. The method ofclaim 8, further comprising: sending, at a log client, the aggregatedlog records to a centralized access log.
 10. The method of claim 8,wherein the receiving an indication includes determining that no logrecords associated with the request have been created within a timeoutperiod.
 11. The method of claim 10, further comprising: detecting a logrecord that was created based on processing the request, wherein the logrecord has not been sent to the log client; determining that the logrecord is associated with a closed transaction; and sending an alertindicating that the log record has not been sent to the log client. 12.The method of claim 11, further comprising in response to determiningthat the log record is associated with a closed transaction and has notbeen sent to the log client, extending the timeout period.
 13. Themethod of claim 9, further comprising: logging, at an application, oneor more events associated with the request; and creating one or more logrecords based on the logging.
 14. The method of claim 13, furthercomprising: opening, at the application, a transaction based on loggingthe one or more events; and in response to receiving the aggregated logrecords, closing the transaction.
 15. A non-transitory computer-readablemedium comprising instructions which, in response to execution by acomputer system, cause the computer system to perform a methodcomprising: receiving an indication that a request has been completed;aggregating, at the log aggregator, log records that were created basedon processing the request, the log records including a unique identifierassociated with the request; and sending the aggregated log records tothe log client.
 16. The non-transitory machine-readable medium of claim15, wherein the method further comprises: sending, at the log client,the aggregated log records to a centralized access log.
 17. Thenon-transitory machine-readable medium of claim 15, wherein thereceiving an indication includes determining that no log recordsassociated with the request have been created within a timeout period.18. The non-transitory machine-readable medium of claim 17, wherein themethod further comprises: detecting a log record that was created basedon processing the request, wherein the log record has not been sent tothe log client; determining that the log record is associated with aclosed transaction; and sending an alert indicating that the log recordhas not been sent to the log client.
 19. The non-transitorymachine-readable medium of claim 18, wherein the method furthercomprises: in response to determining that the log record is associatedwith a closed transaction and has not been sent to the log client,extending the timeout period.
 20. The non-transitory machine-readablemedium of claim 16, wherein the method further comprises: logging, at anapplication, one or more events associated with the request; andcreating one or more log records based on the logging.